improve state handling on refresh

Currently when someone successfully authenticates with `gitlab` to `github`, via https://badging.chaoss.community/badge and refreshes, the web treats that as a fresh session that needs a new token even when the previous authenticated token is still valid and not expired. 